Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy ACL Rules Get Merged Incorrectly?

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 836 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      carpenike
      last edited by

      I'm trying to build out the config on this blog (http://loredo.me/post/116633549315/geeking-out-with-haproxy-on-pfsense-the-ultimate), but it appears that the acl rules getting generated from the GUI do not match his configuration.

      I don't have my generated configuration handy (will post later today), but it appears that when you build the handful of acl rules on each of the shared frontends and use the 'NOT' option, the merged ruleset treats the entire ACL as 'NOT' rather than individual ACL rules.

      Specifically the sections that seem to be applied incorrectly are in this section of his tutorial:

      Name: WAN_443_HTTPS
Description: HTTPS
Shared Frontend: Yes
Primary Frontend: WAN_443
Backend Server Pool: WAN_HTTPS
Access Control lists:

NAME=acl EXPR=Custom NOT=no VALUE=req.ssl_hello_type 1
NAME=acl EXPR=Custom NOT=yes VALUE=req.ssl_sni -m end -i .vpn.example.com
NAME=acl EXPR=Custom NOT=yes VALUE=req.ssl_sni -m end -i .ssh.example.com

      Hopefully that makes sense… If I could import my own config it'd likely be no problem, as his config is published here (https://gist.github.com/jpawlowski/3f91ef9d0bba49eb0c58) and seems to make logical sense to me.

      Should I be expecting this type of behavior?

      Thanks,
      Ryan

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.